Recently, Kaspersky's Global Research and Analysis Team (GReAT) discovered a new malware attack campaign by the notorious Lazarus hacking group targeting organizations worldwide.
Malware disguised as legitimate software.
The GReAT team has discovered a series of cyberattacks in which targets are infected via malware disguised as legitimate software that is designed to encrypt web traffic using digital certificates.
However, organizations worldwide continued to use the flawed version of the software even after the vulnerabilities were discovered and patched, creating opportunities for the Lazarus group to carry out cyberattacks.
Cyber attackers control victims using the SIGNBT malware and employ sophisticated evasion techniques to avoid detection. In addition to acting as the initial point of infection, this malware also collects information to create a profile of the victim.
Further investigations revealed that the Lazarus group's malware repeatedly targeted software vendors. The frequency of these attacks suggests a motive to disrupt the software supply chain and a determination to steal critical company source code.
"The continuous attacks by the Lazarus hacking group are a testament to the changing tactics and attack efforts of cybercriminals. They operate on a global scale, targeting multiple industries with sophisticated methods."
"This shows that the threat is still present and requires everyone to be highly vigilant," said Seongsu Park, head of security research at GReAT at Kaspersky.
Vietnam is one of the targets.
According to cybersecurity company Bkav, in the third quarter of 2023, new variants of many well-known data-stealing viruses such as RedLine and Erbium tended to use techniques to bypass antivirus software (AV) by forging digital signatures and exploiting standard computer processes in new attack campaigns.
Antivirus software that only performs basic file scans often overlooks programs with digital signatures. Taking advantage of this loophole, hackers create viruses that spoof digital signatures to bypass these antivirus programs. In just seconds, the virus can spread, steal data, and send it to the server, causing immeasurable damage to organizations and businesses.
Experts say Vietnam is among the countries targeted by the Erbium virus, along with the US, France, Colombia, Spain, Italy, India, and Malaysia. Erbium is information-stealing malware that is distributed by embedding itself in cracked/cheated game products to steal login credentials and cryptocurrency wallet information from victims.
Mr. Nguyen Tien Dat - General Director of Bkav's Malware Research Center - analyzed: "Viruses and their variants are becoming increasingly sophisticated. Conventional antivirus software will have difficulty dealing with them."
Users should choose licensed antivirus software that utilizes AI technology, integrates multiple protection features, and receives regular updates and support from professional providers for comprehensive protection.
According to Duc Thien – Tuoi Tre Online